From 33525da20575ba0149d1c6bcaac74e52d4e0ddd7 Mon Sep 17 00:00:00 2001 From: Andreas Ebner Date: Tue, 6 Aug 2019 16:17:33 +0200 Subject: Removed GNUNET_CREDENTIAL_Credential, new cmdline parameters, formatting: - removed all files and functions related to GNUNET_CREDENTIAL_Credential, has been replaced by GNUNET_CREDENTIAL_Delegate - renamed cmline parameter 'credential' - added cmline parameter for backward/forward search and a related enum - added cmline parameter to store private delegates - only private delegates are used as start/end of the search algorithm (set to vrh in collect) - run valgrind: no memory exceptions - run clang-format --- src/credential/Makefile.am | 2 - src/credential/credential.h | 4 +- src/credential/credential_api.c | 189 ++++---- src/credential/credential_misc.c | 176 -------- src/credential/credential_misc.h | 36 -- src/credential/credential_serialization.c | 91 +--- src/credential/credential_serialization.h | 112 +++-- src/credential/gnunet-credential.c | 294 ++++++------ src/credential/gnunet-service-credential.c | 643 +++++++++++++++------------ src/credential/plugin_gnsrecord_credential.c | 21 +- src/credential/test_credential_own.sh | 28 +- src/include/gnunet_credential_service.h | 67 +-- 12 files changed, 697 insertions(+), 966 deletions(-) delete mode 100644 src/credential/credential_misc.c delete mode 100644 src/credential/credential_misc.h (limited to 'src') diff --git a/src/credential/Makefile.am b/src/credential/Makefile.am index d7d8964eb..e72cf4f79 100644 --- a/src/credential/Makefile.am +++ b/src/credential/Makefile.am @@ -72,8 +72,6 @@ libgnunetcredential_la_SOURCES = \ credential_api.c credential.h\ credential_serialization.c \ credential_serialization.h \ - credential_misc.c \ - credential_misc.h \ delegate_misc.c \ delegate_misc.h libgnunetcredential_la_LIBADD = \ diff --git a/src/credential/credential.h b/src/credential/credential.h index ca8fb78d7..43ecec73f 100644 --- a/src/credential/credential.h +++ b/src/credential/credential.h @@ -29,8 +29,6 @@ GNUNET_NETWORK_STRUCT_BEGIN -enum direction{Backward, Forward, Bidirectional}; - /** * Message from client to Credential service to collect credentials. */ @@ -249,7 +247,7 @@ struct DelegateEntry * Expiration time of this credential */ uint64_t expiration GNUNET_PACKED; - + /** * Issuer subject attribute length */ diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index 4fe32465a..7c3b35464 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c @@ -35,7 +35,7 @@ #include "gnunet_identity_service.h" -#define LOG(kind,...) GNUNET_log_from (kind, "credential-api",__VA_ARGS__) +#define LOG(kind, ...) GNUNET_log_from (kind, "credential-api", __VA_ARGS__) /** * Handle to a verify request @@ -77,7 +77,6 @@ struct GNUNET_CREDENTIAL_Request * request id */ uint32_t r_id; - }; @@ -121,7 +120,6 @@ struct GNUNET_CREDENTIAL_Handle * Request Id generator. Incremented by one for each request. */ uint32_t r_id_gen; - }; @@ -159,12 +157,12 @@ force_reconnect (struct GNUNET_CREDENTIAL_Handle *handle) { GNUNET_MQ_destroy (handle->mq); handle->mq = NULL; - handle->reconnect_backoff - = GNUNET_TIME_STD_BACKOFF (handle->reconnect_backoff); - handle->reconnect_task - = GNUNET_SCHEDULER_add_delayed (handle->reconnect_backoff, - &reconnect_task, - handle); + handle->reconnect_backoff = + GNUNET_TIME_STD_BACKOFF (handle->reconnect_backoff); + handle->reconnect_task = + GNUNET_SCHEDULER_add_delayed (handle->reconnect_backoff, + &reconnect_task, + handle); } @@ -177,8 +175,7 @@ force_reconnect (struct GNUNET_CREDENTIAL_Handle *handle) * @param error error code */ static void -mq_error_handler (void *cls, - enum GNUNET_MQ_Error error) +mq_error_handler (void *cls, enum GNUNET_MQ_Error error) { struct GNUNET_CREDENTIAL_Handle *handle = cls; @@ -192,8 +189,7 @@ mq_error_handler (void *cls, * @param vr_msg the incoming message */ static int -check_result (void *cls, - const struct DelegationChainResultMessage *vr_msg) +check_result (void *cls, const struct DelegationChainResultMessage *vr_msg) { //TODO return GNUNET_OK; @@ -207,8 +203,7 @@ check_result (void *cls, * @param vr_msg the incoming message */ static void -handle_result (void *cls, - const struct DelegationChainResultMessage *vr_msg) +handle_result (void *cls, const struct DelegationChainResultMessage *vr_msg) { struct GNUNET_CREDENTIAL_Handle *handle = cls; uint32_t r_id = ntohl (vr_msg->id); @@ -230,31 +225,25 @@ handle_result (void *cls, return; proc = vr->verify_proc; proc_cls = vr->proc_cls; - GNUNET_CONTAINER_DLL_remove (handle->request_head, - handle->request_tail, - vr); + GNUNET_CONTAINER_DLL_remove (handle->request_head, handle->request_tail, vr); GNUNET_MQ_discard (vr->env); GNUNET_free (vr); - GNUNET_assert (GNUNET_OK == - GNUNET_CREDENTIAL_delegation_chain_deserialize (mlen, - (const char*) &vr_msg[1], - d_count, - d_chain, - c_count, - dels)); + GNUNET_assert ( + GNUNET_OK == + GNUNET_CREDENTIAL_delegation_chain_deserialize (mlen, + (const char *) &vr_msg[1], + d_count, + d_chain, + c_count, + dels)); if (GNUNET_NO == ntohl (vr_msg->del_found)) { - proc (proc_cls, - 0, - NULL, - 0, + proc (proc_cls, 0, NULL, 0, NULL); // TODO - } else { - proc (proc_cls, - d_count, - d_chain, - c_count, - dels); + } + else + { + proc (proc_cls, d_count, d_chain, c_count, dels); } } @@ -267,22 +256,20 @@ handle_result (void *cls, static void reconnect (struct GNUNET_CREDENTIAL_Handle *handle) { - struct GNUNET_MQ_MessageHandler handlers[] = { - GNUNET_MQ_hd_var_size (result, - GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT, - struct DelegationChainResultMessage, - handle), - GNUNET_MQ_hd_var_size (result, - GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT_RESULT, - struct DelegationChainResultMessage, - handle), - GNUNET_MQ_handler_end () - }; + struct GNUNET_MQ_MessageHandler handlers[] = + {GNUNET_MQ_hd_var_size (result, + GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT, + struct DelegationChainResultMessage, + handle), + GNUNET_MQ_hd_var_size (result, + GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT_RESULT, + struct DelegationChainResultMessage, + handle), + GNUNET_MQ_handler_end ()}; struct GNUNET_CREDENTIAL_Request *vr; GNUNET_assert (NULL == handle->mq); - LOG (GNUNET_ERROR_TYPE_DEBUG, - "Trying to connect to CREDENTIAL\n"); + LOG (GNUNET_ERROR_TYPE_DEBUG, "Trying to connect to CREDENTIAL\n"); handle->mq = GNUNET_CLIENT_connect (handle->cfg, "credential", handlers, @@ -291,8 +278,7 @@ reconnect (struct GNUNET_CREDENTIAL_Handle *handle) if (NULL == handle->mq) return; for (vr = handle->request_head; NULL != vr; vr = vr->next) - GNUNET_MQ_send_copy (handle->mq, - vr->env); + GNUNET_MQ_send_copy (handle->mq, vr->env); } @@ -352,9 +338,7 @@ GNUNET_CREDENTIAL_request_cancel (struct GNUNET_CREDENTIAL_Request *lr) { struct GNUNET_CREDENTIAL_Handle *handle = lr->credential_handle; - GNUNET_CONTAINER_DLL_remove (handle->request_head, - handle->request_tail, - lr); + GNUNET_CONTAINER_DLL_remove (handle->request_head, handle->request_tail, lr); GNUNET_MQ_discard (lr->env); GNUNET_free (lr); } @@ -373,13 +357,15 @@ GNUNET_CREDENTIAL_request_cancel (struct GNUNET_CREDENTIAL_Request *lr) * @param proc_cls closure for processor * @return handle to the queued request */ -struct GNUNET_CREDENTIAL_Request* -GNUNET_CREDENTIAL_collect (struct GNUNET_CREDENTIAL_Handle *handle, - const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, - const char *issuer_attribute, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *subject_key, - GNUNET_CREDENTIAL_CredentialResultProcessor proc, - void *proc_cls) +struct GNUNET_CREDENTIAL_Request * +GNUNET_CREDENTIAL_collect ( + struct GNUNET_CREDENTIAL_Handle *handle, + const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, + const char *issuer_attribute, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *subject_key, + enum GNUNET_CREDENTIAL_AlgoDirectionFlags direction, + GNUNET_CREDENTIAL_CredentialResultProcessor proc, + void *proc_cls) { /* IPC to shorten credential names, return shorten_handle */ struct CollectMessage *c_msg; @@ -407,25 +393,18 @@ GNUNET_CREDENTIAL_collect (struct GNUNET_CREDENTIAL_Handle *handle, vr->verify_proc = proc; vr->proc_cls = proc_cls; vr->r_id = handle->r_id_gen++; - vr->env = GNUNET_MQ_msg_extra (c_msg, - nlen, - GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT); + vr->env = + GNUNET_MQ_msg_extra (c_msg, nlen, GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT); c_msg->id = htonl (vr->r_id); c_msg->subject_key = *subject_key; - c_msg->issuer_key = *issuer_key; - c_msg->issuer_attribute_len = htons(strlen(issuer_attribute)); - c_msg->resolution_algo = htons(Backward); - //c_msg->resolution_algo = htons(Forward); - - GNUNET_memcpy (&c_msg[1], - issuer_attribute, - strlen (issuer_attribute)); - GNUNET_CONTAINER_DLL_insert (handle->request_head, - handle->request_tail, - vr); + c_msg->issuer_key = *issuer_key; + c_msg->issuer_attribute_len = htons (strlen (issuer_attribute)); + c_msg->resolution_algo = htons (direction); + + GNUNET_memcpy (&c_msg[1], issuer_attribute, strlen (issuer_attribute)); + GNUNET_CONTAINER_DLL_insert (handle->request_head, handle->request_tail, vr); if (NULL != handle->mq) - GNUNET_MQ_send_copy (handle->mq, - vr->env); + GNUNET_MQ_send_copy (handle->mq, vr->env); return vr; } /** @@ -446,15 +425,17 @@ GNUNET_CREDENTIAL_collect (struct GNUNET_CREDENTIAL_Handle *handle, * @param proc_cls closure for processor * @return handle to the queued request */ -struct GNUNET_CREDENTIAL_Request* -GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, - const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, - const char *issuer_attribute, - const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, - uint32_t delegate_count, - const struct GNUNET_CREDENTIAL_Delegate *delegates, - GNUNET_CREDENTIAL_CredentialResultProcessor proc, - void *proc_cls) +struct GNUNET_CREDENTIAL_Request * +GNUNET_CREDENTIAL_verify ( + struct GNUNET_CREDENTIAL_Handle *handle, + const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, + const char *issuer_attribute, + const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, + uint32_t delegate_count, + const struct GNUNET_CREDENTIAL_Delegate *delegates, + enum GNUNET_CREDENTIAL_AlgoDirectionFlags direction, + GNUNET_CREDENTIAL_CredentialResultProcessor proc, + void *proc_cls) { /* IPC to shorten credential names, return shorten_handle */ struct VerifyMessage *v_msg; @@ -468,8 +449,7 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, return NULL; } - clen = GNUNET_CREDENTIAL_delegates_get_size (delegate_count, - delegates); + clen = GNUNET_CREDENTIAL_delegates_get_size (delegate_count, delegates); //DEBUG LOG LOG (GNUNET_ERROR_TYPE_DEBUG, @@ -486,31 +466,24 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, vr->verify_proc = proc; vr->proc_cls = proc_cls; vr->r_id = handle->r_id_gen++; - vr->env = GNUNET_MQ_msg_extra (v_msg, - nlen, - GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY); + vr->env = + GNUNET_MQ_msg_extra (v_msg, nlen, GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY); v_msg->id = htonl (vr->r_id); v_msg->subject_key = *subject_key; - v_msg->d_count = htonl(delegate_count); - v_msg->issuer_key = *issuer_key; - v_msg->issuer_attribute_len = htons(strlen(issuer_attribute)); - v_msg->resolution_algo = htons(Backward); - //v_msg->resolution_algo = htons(Forward); - - GNUNET_memcpy (&v_msg[1], - issuer_attribute, - strlen (issuer_attribute)); + v_msg->d_count = htonl (delegate_count); + v_msg->issuer_key = *issuer_key; + v_msg->issuer_attribute_len = htons (strlen (issuer_attribute)); + v_msg->resolution_algo = htons (direction); + + GNUNET_memcpy (&v_msg[1], issuer_attribute, strlen (issuer_attribute)); GNUNET_CREDENTIAL_delegates_serialize (delegate_count, - delegates, - clen, - ((char*)&v_msg[1]) - + strlen (issuer_attribute) + 1); - GNUNET_CONTAINER_DLL_insert (handle->request_head, - handle->request_tail, - vr); + delegates, + clen, + ((char *) &v_msg[1]) + + strlen (issuer_attribute) + 1); + GNUNET_CONTAINER_DLL_insert (handle->request_head, handle->request_tail, vr); if (NULL != handle->mq) - GNUNET_MQ_send_copy (handle->mq, - vr->env); + GNUNET_MQ_send_copy (handle->mq, vr->env); return vr; } diff --git a/src/credential/credential_misc.c b/src/credential/credential_misc.c deleted file mode 100644 index 13435273e..000000000 --- a/src/credential/credential_misc.c +++ /dev/null @@ -1,176 +0,0 @@ -/* - This file is part of GNUnet. - Copyright (C) 2009-2013, 2016 GNUnet e.V. - - GNUnet is free software: you can redistribute it and/or modify it - under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, - or (at your option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . - - SPDX-License-Identifier: AGPL3.0-or-later - */ - - -/** - * @file credential/credential_misc.c - * @brief Misc API for credentials - * - * @author Martin Schanzenbach - */ -#include "platform.h" -#include "gnunet_util_lib.h" -#include "gnunet_constants.h" -#include "gnunet_credential_service.h" -#include "gnunet_signatures.h" -#include "credential.h" -#include - -char* -GNUNET_CREDENTIAL_credential_to_string (const struct - GNUNET_CREDENTIAL_Credential *cred) -{ - char *cred_str; - char *subject_pkey; - char *issuer_pkey; - char *signature; - - - subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->subject_key); - issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->issuer_key); - GNUNET_STRINGS_base64_encode ((char*) &cred->signature, - sizeof(struct GNUNET_CRYPTO_EcdsaSignature), - &signature); - GNUNET_asprintf (&cred_str, - "%s.%s -> %s | %s | %" SCNu64, - issuer_pkey, - cred->issuer_attribute, - subject_pkey, - signature, - cred->expiration.abs_value_us); - GNUNET_free (subject_pkey); - GNUNET_free (issuer_pkey); - GNUNET_free (signature); - return cred_str; -} - -struct GNUNET_CREDENTIAL_Credential* -GNUNET_CREDENTIAL_credential_from_string (const char*s) -{ - struct GNUNET_CREDENTIAL_Credential *cred; - size_t enclen = (sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8; - - if (enclen % 5 > 0) - enclen += 5 - enclen % 5; - enclen /= 5; /* 260/5 = 52 */ - char subject_pkey[enclen + 1]; - char issuer_pkey[enclen + 1]; - char name[253 + 1]; - char signature[256]; // TODO max payload size - - struct GNUNET_CRYPTO_EcdsaSignature *sig; - struct GNUNET_TIME_Absolute etime_abs; - - if (5 != sscanf (s, - "%52s.%253s -> %52s | %s | %" SCNu64, - issuer_pkey, - name, - subject_pkey, - signature, - &etime_abs.abs_value_us)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - _ ("Unable to parse CRED record string `%s'\n"), - s); - return NULL; - } - cred = GNUNET_malloc (sizeof(struct GNUNET_CREDENTIAL_Credential) + strlen ( - name) + 1); - GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_pkey, - strlen (subject_pkey), - &cred->subject_key); - GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_pkey, - strlen (issuer_pkey), - &cred->issuer_key); - GNUNET_assert (sizeof(struct GNUNET_CRYPTO_EcdsaSignature) == - GNUNET_STRINGS_base64_decode (signature, - strlen ( - signature), - ( - char**) &sig)); - cred->signature = *sig; - cred->expiration = etime_abs; - GNUNET_free (sig); - GNUNET_memcpy (&cred[1], - name, - strlen (name) + 1); - cred->issuer_attribute_len = strlen ((char*) &cred[1]); - cred->issuer_attribute = (char*) &cred[1]; - return cred; -} - -/** - * Issue an attribute to a subject - * - * @param issuer the ego that should be used to issue the attribute - * @param subject the subject of the attribute - * @param attribute the name of the attribute - * @return handle to the queued request - */ -struct GNUNET_CREDENTIAL_Credential * -GNUNET_CREDENTIAL_credential_issue (const struct - GNUNET_CRYPTO_EcdsaPrivateKey *issuer, - struct GNUNET_CRYPTO_EcdsaPublicKey *subject, - const char *attribute, - struct GNUNET_TIME_Absolute *expiration) -{ - struct CredentialEntry *crd; - struct GNUNET_CREDENTIAL_Credential *cred; - size_t size; - - size = sizeof(struct CredentialEntry) + strlen (attribute) + 1; - crd = GNUNET_malloc (size); - cred = GNUNET_malloc (sizeof(struct GNUNET_CREDENTIAL_Credential) + strlen ( - attribute) + 1); - crd->purpose.size = htonl (size - sizeof(struct - GNUNET_CRYPTO_EcdsaSignature)); - - crd->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); - GNUNET_CRYPTO_ecdsa_key_get_public (issuer, - &crd->issuer_key); - crd->subject_key = *subject; - crd->expiration = GNUNET_htonll (expiration->abs_value_us); - crd->issuer_attribute_len = htonl (strlen (attribute) + 1); - GNUNET_memcpy ((char*) &crd[1], - attribute, - strlen (attribute) + 1); - if (GNUNET_OK != - GNUNET_CRYPTO_ecdsa_sign (issuer, - &crd->purpose, - &crd->signature)) - { - GNUNET_break (0); - GNUNET_free (crd); - GNUNET_free (cred); - return NULL; - } - cred->signature = crd->signature; - cred->expiration = *expiration; - GNUNET_CRYPTO_ecdsa_key_get_public (issuer, - &cred->issuer_key); - - cred->subject_key = *subject; - GNUNET_memcpy (&cred[1], - attribute, - strlen (attribute) + 1); - cred->issuer_attribute = (char*) &cred[1]; - GNUNET_free (crd); - return cred; -} diff --git a/src/credential/credential_misc.h b/src/credential/credential_misc.h deleted file mode 100644 index 510e1aacb..000000000 --- a/src/credential/credential_misc.h +++ /dev/null @@ -1,36 +0,0 @@ -/* - This file is part of GNUnet - Copyright (C) 2012-2013 GNUnet e.V. - - GNUnet is free software: you can redistribute it and/or modify it - under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, - or (at your option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . - - SPDX-License-Identifier: AGPL3.0-or-later - */ -/** - * @file credential/credential_misc.h - * @brief Credential helper functions - */ -#ifndef CREDENTIAL_MISC_H -#define CREDENTIAL_MISC_H - -#include "gnunet_credential_service.h" - -char * -GNUNET_CREDENTIAL_credential_to_string ( - const struct GNUNET_CREDENTIAL_Credential *cred); - -struct GNUNET_CREDENTIAL_Credential * -GNUNET_CREDENTIAL_credential_from_string (const char *str); - -#endif diff --git a/src/credential/credential_serialization.c b/src/credential/credential_serialization.c index 65a85e37e..564d9957b 100644 --- a/src/credential/credential_serialization.c +++ b/src/credential/credential_serialization.c @@ -221,11 +221,10 @@ GNUNET_CREDENTIAL_delegates_serialize ( * @return #GNUNET_OK on success, #GNUNET_SYSERR on error */ int -GNUNET_CREDENTIAL_delegates_deserialize ( - size_t len, - const char *src, - unsigned int c_count, - struct GNUNET_CREDENTIAL_Delegate *cd) +GNUNET_CREDENTIAL_delegates_deserialize (size_t len, + const char *src, + unsigned int c_count, + struct GNUNET_CREDENTIAL_Delegate *cd) { struct DelegateEntry c_rec; unsigned int i; @@ -335,9 +334,9 @@ GNUNET_CREDENTIAL_delegation_chain_serialize ( off += dd[i].subject_attribute_len; } return off + GNUNET_CREDENTIAL_delegates_serialize (c_count, - cd, - dest_size - off, - &dest[off]); + cd, + dest_size - off, + &dest[off]); } @@ -386,79 +385,9 @@ GNUNET_CREDENTIAL_delegation_chain_deserialize ( off += dd[i].subject_attribute_len; } return GNUNET_CREDENTIAL_delegates_deserialize (len - off, - &src[off], - c_count, - cd); -} - -int -GNUNET_CREDENTIAL_credential_serialize ( - struct GNUNET_CREDENTIAL_Credential *cred, - char **data) -{ - size_t size; - struct CredentialEntry *cdata; - - size = sizeof (struct CredentialEntry) + strlen (cred->issuer_attribute) + 1; - *data = GNUNET_malloc (size); - cdata = (struct CredentialEntry *) *data; - cdata->subject_key = cred->subject_key; - cdata->issuer_key = cred->issuer_key; - cdata->expiration = GNUNET_htonll (cred->expiration.abs_value_us); - cdata->signature = cred->signature; - cdata->issuer_attribute_len = htonl (strlen (cred->issuer_attribute) + 1); - cdata->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); - cdata->purpose.size = - htonl (size - sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); - GNUNET_memcpy (&cdata[1], - cred->issuer_attribute, - strlen (cred->issuer_attribute)); - - if (GNUNET_OK != - GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL, - &cdata->purpose, - &cdata->signature, - &cdata->issuer_key)) - { - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Invalid credential\n"); - //return NULL; - } - return size; -} - -struct GNUNET_CREDENTIAL_Credential * -GNUNET_CREDENTIAL_credential_deserialize (const char *data, size_t data_size) -{ - struct GNUNET_CREDENTIAL_Credential *cred; - struct CredentialEntry *cdata; - char *issuer_attribute; - - if (data_size < sizeof (struct CredentialEntry)) - return NULL; - cdata = (struct CredentialEntry *) data; - if (GNUNET_OK != - GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL, - &cdata->purpose, - &cdata->signature, - &cdata->issuer_key)) - { - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Invalid credential\n"); - //return NULL; - } - issuer_attribute = (char *) &cdata[1]; - - cred = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_Credential) + - ntohl (cdata->issuer_attribute_len)); - - cred->issuer_key = cdata->issuer_key; - cred->subject_key = cdata->subject_key; - GNUNET_memcpy (&cred[1], - issuer_attribute, - ntohl (cdata->issuer_attribute_len)); - cred->signature = cdata->signature; - cred->issuer_attribute = (char *) &cred[1]; - cred->expiration.abs_value_us = GNUNET_ntohll (cdata->expiration); - return cred; + &src[off], + c_count, + cd); } int diff --git a/src/credential/credential_serialization.h b/src/credential/credential_serialization.h index 12988354b..0e106caa1 100644 --- a/src/credential/credential_serialization.h +++ b/src/credential/credential_serialization.h @@ -42,8 +42,9 @@ * @return the required size to serialize */ size_t -GNUNET_CREDENTIAL_delegation_set_get_size (unsigned int ds_count, - const struct GNUNET_CREDENTIAL_DelegationSet *dsr); +GNUNET_CREDENTIAL_delegation_set_get_size ( + unsigned int ds_count, + const struct GNUNET_CREDENTIAL_DelegationSet *dsr); /** * Serizalize the given delegation record entries @@ -55,10 +56,11 @@ GNUNET_CREDENTIAL_delegation_set_get_size (unsigned int ds_count, * @return the size of the data, -1 on failure */ ssize_t -GNUNET_CREDENTIAL_delegation_set_serialize (unsigned int d_count, - const struct GNUNET_CREDENTIAL_DelegationSet *dsr, - size_t dest_size, - char *dest); +GNUNET_CREDENTIAL_delegation_set_serialize ( + unsigned int d_count, + const struct GNUNET_CREDENTIAL_DelegationSet *dsr, + size_t dest_size, + char *dest); /** @@ -71,48 +73,51 @@ GNUNET_CREDENTIAL_delegation_set_serialize (unsigned int d_count, * @return #GNUNET_OK on success, #GNUNET_SYSERR on error */ int -GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len, - const char *src, - unsigned int d_count, - struct GNUNET_CREDENTIAL_DelegationSet *dsr); +GNUNET_CREDENTIAL_delegation_set_deserialize ( + size_t len, + const char *src, + unsigned int d_count, + struct GNUNET_CREDENTIAL_DelegationSet *dsr); - /** +/** * Calculate how many bytes we will need to serialize * the given delegation chain and credential * * @param d_count number of delegation chain entries * @param dd array of #GNUNET_CREDENTIAL_Delegation * @param c_count number of credential entries - * @param cd a #GNUNET_CREDENTIAL_Credential + * @param cd a #GNUNET_CREDENTIAL_Delegate * @return the required size to serialize */ - size_t - GNUNET_CREDENTIAL_delegation_chain_get_size (unsigned int d_count, - const struct GNUNET_CREDENTIAL_Delegation *dd, - unsigned int c_count, - const struct GNUNET_CREDENTIAL_Delegate *cd); +size_t +GNUNET_CREDENTIAL_delegation_chain_get_size ( + unsigned int d_count, + const struct GNUNET_CREDENTIAL_Delegation *dd, + unsigned int c_count, + const struct GNUNET_CREDENTIAL_Delegate *cd); - /** +/** * Serizalize the given delegation chain entries and credential * * @param d_count number of delegation chain entries * @param dd array of #GNUNET_CREDENTIAL_Delegation * @param c_count number of credential entries - * @param cd a #GNUNET_CREDENTIAL_Credential + * @param cd a #GNUNET_CREDENTIAL_Delegate * @param dest_size size of the destination * @param dest where to store the result * @return the size of the data, -1 on failure */ - ssize_t - GNUNET_CREDENTIAL_delegation_chain_serialize (unsigned int d_count, - const struct GNUNET_CREDENTIAL_Delegation *dd, - unsigned int c_count, - const struct GNUNET_CREDENTIAL_Delegate *cd, - size_t dest_size, - char *dest); +ssize_t +GNUNET_CREDENTIAL_delegation_chain_serialize ( + unsigned int d_count, + const struct GNUNET_CREDENTIAL_Delegation *dd, + unsigned int c_count, + const struct GNUNET_CREDENTIAL_Delegate *cd, + size_t dest_size, + char *dest); - /** +/** * Deserialize the given destination * * @param len size of the serialized delegation chain and cred @@ -123,45 +128,38 @@ GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len, * @param cd where to put the credential data * @return #GNUNET_OK on success, #GNUNET_SYSERR on error */ - int - GNUNET_CREDENTIAL_delegation_chain_deserialize (size_t len, - const char *src, - unsigned int d_count, - struct GNUNET_CREDENTIAL_Delegation *dd, - unsigned int c_count, - struct GNUNET_CREDENTIAL_Delegate *cd); - size_t - GNUNET_CREDENTIAL_delegates_get_size (unsigned int c_count, - const struct GNUNET_CREDENTIAL_Delegate *cd); +int +GNUNET_CREDENTIAL_delegation_chain_deserialize ( + size_t len, + const char *src, + unsigned int d_count, + struct GNUNET_CREDENTIAL_Delegation *dd, + unsigned int c_count, + struct GNUNET_CREDENTIAL_Delegate *cd); +size_t +GNUNET_CREDENTIAL_delegates_get_size ( + unsigned int c_count, + const struct GNUNET_CREDENTIAL_Delegate *cd); ssize_t -GNUNET_CREDENTIAL_delegates_serialize (unsigned int c_count, - const struct GNUNET_CREDENTIAL_Delegate *cd, - size_t dest_size, - char *dest); +GNUNET_CREDENTIAL_delegates_serialize ( + unsigned int c_count, + const struct GNUNET_CREDENTIAL_Delegate *cd, + size_t dest_size, + char *dest); int GNUNET_CREDENTIAL_delegates_deserialize (size_t len, - const char *src, - unsigned int c_count, - struct GNUNET_CREDENTIAL_Delegate *cd); - - -int -GNUNET_CREDENTIAL_credential_serialize (struct GNUNET_CREDENTIAL_Credential *cred, - char **data); - -struct GNUNET_CREDENTIAL_Credential* -GNUNET_CREDENTIAL_credential_deserialize (const char* data, - size_t data_size); + const char *src, + unsigned int c_count, + struct GNUNET_CREDENTIAL_Delegate *cd); int GNUNET_CREDENTIAL_delegate_serialize (struct GNUNET_CREDENTIAL_Delegate *cred, - char **data); + char **data); -struct GNUNET_CREDENTIAL_Delegate* -GNUNET_CREDENTIAL_delegate_deserialize (const char* data, - size_t data_size); +struct GNUNET_CREDENTIAL_Delegate * +GNUNET_CREDENTIAL_delegate_deserialize (const char *data, size_t data_size); #endif /* end of credential_serialization.h */ diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index 07148a1b5..5cc1a791e 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c @@ -27,7 +27,6 @@ #include #include #include -#include "credential_misc.h" #include "delegate_misc.h" #include "credential_serialization.h" @@ -82,9 +81,9 @@ static struct GNUNET_SCHEDULER_Task *tt; static char *subject; /** - * Subject credential string + * Subject delegate string */ -static char *subject_credential; +static char *subject_delegate; /** * Credential TTL @@ -122,11 +121,6 @@ static char *issuer_attr; */ static int verify; -/** - * Issue mode - */ -static int create_cred; - /** * Collect mode */ @@ -152,6 +146,26 @@ static int sign_ss; */ static char *import; +/** + * Is record private + */ +static int is_private; + +/** + * Search direction: forward + */ +static int forward; + +/** + * Search direction: backward + */ +static int backward; + +/** + * API enum, filled and passed for collect/verify + */ +enum GNUNET_CREDENTIAL_AlgoDirectionFlags direction = 0; + /** * Queue entry for the 'add' operation. */ @@ -268,8 +282,10 @@ handle_collect_result (void *cls, printf ("%s\n", line); GNUNET_free (line); } - } else { - printf("Received NULL\n"); + } + else + { + printf ("Received NULL\n"); } GNUNET_SCHEDULER_shutdown (); @@ -344,10 +360,6 @@ static void identity_cb (void *cls, const struct GNUNET_IDENTITY_Ego *ego) { const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; - struct GNUNET_CREDENTIAL_Credential *cred; - struct GNUNET_TIME_Absolute etime_abs; - struct GNUNET_TIME_Relative etime_rel; - char *res; el = NULL; if (NULL == ego) @@ -381,44 +393,11 @@ identity_cb (void *cls, const struct GNUNET_IDENTITY_Ego *ego) &issuer_pkey, issuer_attr, //TODO argument privkey, + direction, &handle_collect_result, NULL); return; } - - //Else issue - - if (NULL == expiration) - { - fprintf (stderr, "Please specify a TTL\n"); - GNUNET_SCHEDULER_shutdown (); - return; - } - else if (GNUNET_OK == - GNUNET_STRINGS_fancy_time_to_relative (expiration, &etime_rel)) - { - etime_abs = GNUNET_TIME_relative_to_absolute (etime_rel); - } - else if (GNUNET_OK != - GNUNET_STRINGS_fancy_time_to_absolute (expiration, &etime_abs)) - { - fprintf (stderr, "%s is not a valid ttl!\n", expiration); - GNUNET_SCHEDULER_shutdown (); - return; - } - - - privkey = GNUNET_IDENTITY_ego_get_private_key (ego); - GNUNET_free_non_null (ego_name); - ego_name = NULL; - cred = GNUNET_CREDENTIAL_credential_issue (privkey, - &subject_pkey, - issuer_attr, - &etime_abs); - - res = GNUNET_CREDENTIAL_credential_to_string (cred); - GNUNET_free (cred); - printf ("%s\n", res); GNUNET_SCHEDULER_shutdown (); } @@ -506,9 +485,9 @@ get_existing_record (void *cls, rde->record_type = type; // Flags not required , TODO what have we said we do with that now? Look it up in my writing /*if (1 == is_shadow) - rde->flags |= GNUNET_GNSRECORD_RF_SHADOW_RECORD; - if (1 != is_public) - rde->flags |= GNUNET_GNSRECORD_RF_PRIVATE;*/ + rde->flags |= GNUNET_GNSRECORD_RF_SHADOW_RECORD;*/ + if (GNUNET_YES == is_private) + rde->flags |= GNUNET_GNSRECORD_RF_PRIVATE; rde->expiration_time = etime; if (GNUNET_YES == etime_is_rel) rde->flags |= GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; @@ -751,6 +730,7 @@ run (void *cls, if (GNUNET_YES == create_ss) { + // check if signed parameter has been passed in cmd line call if (NULL == import) { @@ -787,6 +767,20 @@ run (void *cls, return; } + if (GNUNET_NO == forward && GNUNET_NO == backward) + { + fprintf ( + stderr, + _ ( + "You must state which search direction: '--forward' or '--backward'\n")); + GNUNET_SCHEDULER_shutdown (); + return; + } + if (GNUNET_YES == forward) + direction |= GNUNET_CREDENTIAL_FLAG_FORWARD; + if (GNUNET_YES == backward) + direction |= GNUNET_CREDENTIAL_FLAG_BACKWARD; + if (GNUNET_YES == collect) { if (NULL == issuer_key) @@ -840,6 +834,15 @@ run (void *cls, if (GNUNET_YES == verify) { + if (GNUNET_NO == forward && GNUNET_NO == backward) + { + fprintf ( + stderr, + _ ( + "You must state which search direction: '-forward' or 'backward'\n")); + GNUNET_SCHEDULER_shutdown (); + return; + } if (NULL == issuer_key) { fprintf (stderr, _ ("Issuer public key not well-formed\n")); @@ -865,7 +868,7 @@ run (void *cls, GNUNET_SCHEDULER_shutdown (); return; } - if (NULL == issuer_attr || NULL == subject_credential) + if (NULL == issuer_attr || NULL == subject_delegate) { fprintf (stderr, _ ("You must provide issuer and subject attributes\n")); GNUNET_SCHEDULER_shutdown (); @@ -873,7 +876,7 @@ run (void *cls, } //Subject credentials are comma separated - char *tmp = GNUNET_strdup (subject_credential); + char *tmp = GNUNET_strdup (subject_delegate); char *tok = strtok (tmp, ","); if (NULL == tok) { @@ -886,20 +889,20 @@ run (void *cls, int i; while (NULL != (tok = strtok (NULL, ","))) count++; - struct GNUNET_CREDENTIAL_Delegate credentials[count]; - struct GNUNET_CREDENTIAL_Delegate *cred; + struct GNUNET_CREDENTIAL_Delegate delegates[count]; + struct GNUNET_CREDENTIAL_Delegate *dele; GNUNET_free (tmp); - tmp = GNUNET_strdup (subject_credential); + tmp = GNUNET_strdup (subject_delegate); tok = strtok (tmp, ","); for (i = 0; i < count; i++) { - cred = GNUNET_CREDENTIAL_delegate_from_string (tok); - GNUNET_memcpy (&credentials[i], - cred, + dele = GNUNET_CREDENTIAL_delegate_from_string (tok); + GNUNET_memcpy (&delegates[i], + dele, sizeof (struct GNUNET_CREDENTIAL_Delegate)); - credentials[i].issuer_attribute = GNUNET_strdup (cred->issuer_attribute); + delegates[i].issuer_attribute = GNUNET_strdup (dele->issuer_attribute); tok = strtok (NULL, ","); - GNUNET_free (cred); + GNUNET_free (dele); } verify_request = GNUNET_CREDENTIAL_verify (credential, @@ -907,27 +910,16 @@ run (void *cls, issuer_attr, //TODO argument &subject_pkey, count, - credentials, + delegates, + direction, &handle_verify_result, NULL); for (i = 0; i < count; i++) { - GNUNET_free ((char *) credentials[i].issuer_attribute); + GNUNET_free ((char *) delegates[i].issuer_attribute); } GNUNET_free (tmp); } - else if (GNUNET_YES == create_cred) - { - if (NULL == ego_name) - { - fprintf (stderr, _ ("Issuer ego required\n")); - GNUNET_SCHEDULER_shutdown (); - return; - } - el = GNUNET_IDENTITY_ego_lookup (cfg, ego_name, &identity_cb, (void *) cfg); - - return; - } else { fprintf (stderr, @@ -949,70 +941,94 @@ run (void *cls, int main (int argc, char *const *argv) { - struct GNUNET_GETOPT_CommandLineOption options[] = { - GNUNET_GETOPT_option_flag ('I', - "issue", - gettext_noop ("create credential"), - &create_cred), - GNUNET_GETOPT_option_flag ('V', - "verify", - gettext_noop ("verify credential against attribute"), - &verify), - GNUNET_GETOPT_option_string ('s', - "subject", - "PKEY", - gettext_noop ("The public key of the subject to lookup the" - "credential for, or for issuer side storage: subject and its attributes"), - &subject), - GNUNET_GETOPT_option_string ('b', - "credential", - "CRED", - gettext_noop ("The name of the credential presented by the subject"), - &subject_credential), - GNUNET_GETOPT_option_string ('i', - "issuer", - "PKEY", - gettext_noop ("The public key of the authority to verify the credential against"), - &issuer_key), - GNUNET_GETOPT_option_string ('e', - "ego", - "EGO", - gettext_noop ("The ego/zone name to use"), - &ego_name), - GNUNET_GETOPT_option_string ('a', - "attribute", - "ATTR", - gettext_noop ("The issuer attribute to verify against or to issue"), - &issuer_attr), - GNUNET_GETOPT_option_string ('T', - "ttl", - "EXP", - gettext_noop ("The time to live for the credential." - "e.g. 5m, 6h, \"1990-12-30 12:00:00\""), - &expiration), - GNUNET_GETOPT_option_flag ('g', - "collect", - gettext_noop ("collect credentials"), - &collect), - GNUNET_GETOPT_option_flag ('U', - "createIssuerSide", - gettext_noop ("Create and issue a credential issuer side."), - &create_is), - GNUNET_GETOPT_option_flag ('C', - "createSubjectSide", - gettext_noop ("Issue a credential subject side."), - &create_ss), - GNUNET_GETOPT_option_flag ('S', - "signSubjectSide", - gettext_noop ("Create, sign and return a credential subject side."), - &sign_ss), - GNUNET_GETOPT_option_string ('x', - "import", - "IMP", - gettext_noop ("Import signed credentials that should be issued to a zone/ego"), - &import), - GNUNET_GETOPT_OPTION_END - }; + struct GNUNET_GETOPT_CommandLineOption options[] = + {GNUNET_GETOPT_option_flag ('V', + "verify", + gettext_noop ( + "verify credential against attribute"), + &verify), + GNUNET_GETOPT_option_string ( + 's', + "subject", + "PKEY", + gettext_noop ( + "The public key of the subject to lookup the" + "credential for, or for issuer side storage: subject and its attributes"), + &subject), + GNUNET_GETOPT_option_string ( + 'd', + "delegate", + "DELE", + gettext_noop ("The private, signed delegate presented by the subject"), + &subject_delegate), + GNUNET_GETOPT_option_string ( + 'i', + "issuer", + "PKEY", + gettext_noop ( + "The public key of the authority to verify the credential against"), + &issuer_key), + GNUNET_GETOPT_option_string ('e', + "ego", + "EGO", + gettext_noop ("The ego/zone name to use"), + &ego_name), + GNUNET_GETOPT_option_string ( + 'a', + "attribute", + "ATTR", + gettext_noop ("The issuer attribute to verify against or to issue"), + &issuer_attr), + GNUNET_GETOPT_option_string ('T', + "ttl", + "EXP", + gettext_noop ( + "The time to live for the credential." + "e.g. 5m, 6h, \"1990-12-30 12:00:00\""), + &expiration), + GNUNET_GETOPT_option_flag ('g', + "collect", + gettext_noop ("collect credentials"), + &collect), + GNUNET_GETOPT_option_flag ('U', + "createIssuerSide", + gettext_noop ( + "Create and issue a credential issuer side."), + &create_is), + GNUNET_GETOPT_option_flag ('C', + "createSubjectSide", + gettext_noop ( + "Issue a credential subject side."), + &create_ss), + GNUNET_GETOPT_option_flag ( + 'S', + "signSubjectSide", + gettext_noop ("Create, sign and return a credential subject side."), + &sign_ss), + GNUNET_GETOPT_option_string ( + 'x', + "import", + "IMP", + gettext_noop ( + "Import signed credentials that should be issued to a zone/ego"), + &import), + GNUNET_GETOPT_option_flag ('P', + "private", + gettext_noop ("Create private record entry."), + &is_private), + GNUNET_GETOPT_option_flag ( + 'F', + "forward", + gettext_noop ( + "Indicates that the collect/verify process is done via forward search."), + &forward), + GNUNET_GETOPT_option_flag ( + 'B', + "backward", + gettext_noop ( + "Indicates that the collect/verify process is done via forward search."), + &backward), + GNUNET_GETOPT_OPTION_END}; int ret; timeout = GNUNET_TIME_UNIT_FOREVER_REL; diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index 2d954f823..41f4f64d6 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -340,7 +340,7 @@ struct VerifyRequestHandle /** * Direction of the resolution algo */ - enum direction resolution_algo; + enum GNUNET_CREDENTIAL_AlgoDirectionFlags resolution_algo; /** * Delegate iterator for lookup @@ -385,12 +385,14 @@ cleanup_delegation_set (struct DelegationSetQueueEntry *ds_entry) return; for (dq_entry = ds_entry->queue_entries_head; NULL != dq_entry; - dq_entry = ds_entry->queue_entries_head) { + dq_entry = ds_entry->queue_entries_head) + { GNUNET_CONTAINER_DLL_remove (ds_entry->queue_entries_head, ds_entry->queue_entries_tail, dq_entry); for (child = dq_entry->set_entries_head; NULL != child; - child = dq_entry->set_entries_head) { + child = dq_entry->set_entries_head) + { GNUNET_CONTAINER_DLL_remove (dq_entry->set_entries_head, dq_entry->set_entries_tail, child); @@ -403,11 +405,13 @@ cleanup_delegation_set (struct DelegationSetQueueEntry *ds_entry) GNUNET_free_non_null (ds_entry->issuer_attribute); GNUNET_free_non_null (ds_entry->unresolved_attribute_delegation); GNUNET_free_non_null (ds_entry->attr_trailer); - if (NULL != ds_entry->lookup_request) { + if (NULL != ds_entry->lookup_request) + { GNUNET_GNS_lookup_cancel (ds_entry->lookup_request); ds_entry->lookup_request = NULL; } - if (NULL != ds_entry->delegation_chain_entry) { + if (NULL != ds_entry->delegation_chain_entry) + { GNUNET_free_non_null (ds_entry->delegation_chain_entry->subject_attribute); GNUNET_free_non_null (ds_entry->delegation_chain_entry->issuer_attribute); GNUNET_free (ds_entry->delegation_chain_entry); @@ -420,14 +424,16 @@ cleanup_handle (struct VerifyRequestHandle *vrh) { struct DelegateRecordEntry *del_entry; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Cleaning up...\n"); - if (NULL != vrh->lookup_request) { + if (NULL != vrh->lookup_request) + { GNUNET_GNS_lookup_cancel (vrh->lookup_request); vrh->lookup_request = NULL; } cleanup_delegation_set (vrh->root_set); GNUNET_free_non_null (vrh->issuer_attribute); for (del_entry = vrh->del_chain_head; NULL != vrh->del_chain_head; - del_entry = vrh->del_chain_head) { + del_entry = vrh->del_chain_head) + { GNUNET_CONTAINER_DLL_remove (vrh->del_chain_head, vrh->del_chain_tail, del_entry); @@ -444,21 +450,25 @@ shutdown_task (void *cls) GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Shutting down!\n"); - while (NULL != (vrh = vrh_head)) { + while (NULL != (vrh = vrh_head)) + { // CREDENTIAL_resolver_lookup_cancel (clh->lookup); GNUNET_CONTAINER_DLL_remove (vrh_head, vrh_tail, vrh); cleanup_handle (vrh); } - if (NULL != gns) { + if (NULL != gns) + { GNUNET_GNS_disconnect (gns); gns = NULL; } - if (NULL != namestore) { + if (NULL != namestore) + { GNUNET_NAMESTORE_disconnect (namestore); namestore = NULL; } - if (NULL != statistics) { + if (NULL != statistics) + { GNUNET_STATISTICS_destroy (statistics, GNUNET_NO); statistics = NULL; } @@ -480,14 +490,16 @@ send_lookup_response (struct VerifyRequestHandle *vrh) GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Sending response\n"); dce = vrh->delegation_chain_head; - for (uint32_t i = 0; i < vrh->delegation_chain_size; i++) { + for (uint32_t i = 0; i < vrh->delegation_chain_size; i++) + { dd[i].issuer_key = dce->issuer_key; dd[i].subject_key = dce->subject_key; dd[i].issuer_attribute = dce->issuer_attribute; dd[i].issuer_attribute_len = strlen (dce->issuer_attribute) + 1; dd[i].subject_attribute_len = 0; dd[i].subject_attribute = NULL; - if (NULL != dce->subject_attribute) { + if (NULL != dce->subject_attribute) + { dd[i].subject_attribute = dce->subject_attribute; dd[i].subject_attribute_len = strlen (dce->subject_attribute) + 1; } @@ -495,16 +507,16 @@ send_lookup_response (struct VerifyRequestHandle *vrh) } // Remove all not needed credentials - for (del = vrh->del_chain_head; NULL != del;) { - if (del->refcount > 0) { + for (del = vrh->del_chain_head; NULL != del;) + { + if (del->refcount > 0) + { del = del->next; continue; } tmp = del; del = del->next; - GNUNET_CONTAINER_DLL_remove (vrh->del_chain_head, - vrh->del_chain_tail, - tmp); + GNUNET_CONTAINER_DLL_remove (vrh->del_chain_head, vrh->del_chain_tail, tmp); GNUNET_free (tmp->delegate); GNUNET_free (tmp); vrh->del_chain_size--; @@ -513,20 +525,21 @@ send_lookup_response (struct VerifyRequestHandle *vrh) // Get serialized record data // Append at the end of rmsg del = vrh->del_chain_head; - for (uint32_t i = 0; i < vrh->del_chain_size; i++) { + for (uint32_t i = 0; i < vrh->del_chain_size; i++) + { dele[i].issuer_key = del->delegate->issuer_key; dele[i].subject_key = del->delegate->subject_key; - dele[i].issuer_attribute_len - = strlen (del->delegate->issuer_attribute) + 1; + dele[i].issuer_attribute_len = strlen (del->delegate->issuer_attribute) + 1; dele[i].issuer_attribute = del->delegate->issuer_attribute; dele[i].expiration = del->delegate->expiration; dele[i].signature = del->delegate->signature; del = del->next; } - size = GNUNET_CREDENTIAL_delegation_chain_get_size (vrh->delegation_chain_size, - dd, - vrh->del_chain_size, - dele); + size = + GNUNET_CREDENTIAL_delegation_chain_get_size (vrh->delegation_chain_size, + dd, + vrh->del_chain_size, + dele); env = GNUNET_MQ_msg_extra (rmsg, size, GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT); @@ -541,13 +554,13 @@ send_lookup_response (struct VerifyRequestHandle *vrh) rmsg->del_found = htonl (GNUNET_NO); GNUNET_assert ( - -1 - != GNUNET_CREDENTIAL_delegation_chain_serialize (vrh->delegation_chain_size, - dd, - vrh->del_chain_size, - dele, - size, - (char *)&rmsg[1])); + -1 != + GNUNET_CREDENTIAL_delegation_chain_serialize (vrh->delegation_chain_size, + dd, + vrh->del_chain_size, + dele, + size, + (char *) &rmsg[1])); GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq (vrh->client), env); GNUNET_CONTAINER_DLL_remove (vrh_head, vrh_tail, vrh); @@ -559,8 +572,11 @@ send_lookup_response (struct VerifyRequestHandle *vrh) GNUNET_NO); } -static char* -partial_match(char *tmp_trail, char *tmp_subattr, char *parent_trail, char *issuer_attribute) +static char * +partial_match (char *tmp_trail, + char *tmp_subattr, + char *parent_trail, + char *issuer_attribute) { char *saveptr1, *saveptr2; char *trail_token; @@ -574,14 +590,16 @@ partial_match(char *tmp_trail, char *tmp_subattr, char *parent_trail, char *issu sub_token = strtok_r (tmp_subattr, ".", &saveptr2); while (NULL != trail_token && NULL != sub_token) { - if(0 == strcmp(trail_token,sub_token)) + if (0 == strcmp (trail_token, sub_token)) { // good, matches, remove - } else { + } + else + { // not relevant for solving the chain, end for iteration here return NULL; } - + trail_token = strtok_r (NULL, ".", &saveptr1); sub_token = strtok_r (NULL, ".", &saveptr2); } @@ -590,47 +608,38 @@ partial_match(char *tmp_trail, char *tmp_subattr, char *parent_trail, char *issu // 2. the trailer is NULL, but the subject has more attributes // Reason: This will lead to "startzone.attribute" but we're looking for a solution // for "<- startzone" - if(NULL == trail_token) + if (NULL == trail_token) { return NULL; } // do not have to check sub_token == NULL, if both would be NULL // at the same time, the complete match part above should have triggered already - + // otherwise, above while only ends when sub_token == NULL - GNUNET_asprintf (&attr_trailer, - "%s", - trail_token); - trail_token = strtok_r (NULL, ".", &saveptr1); - while(NULL != trail_token) + GNUNET_asprintf (&attr_trailer, "%s", trail_token); + trail_token = strtok_r (NULL, ".", &saveptr1); + while (NULL != trail_token) { - GNUNET_asprintf (&attr_trailer, - "%s.%s", - parent_trail, - trail_token); - trail_token = strtok_r (NULL, ".", &saveptr1); - + GNUNET_asprintf (&attr_trailer, "%s.%s", parent_trail, trail_token); + trail_token = strtok_r (NULL, ".", &saveptr1); } - GNUNET_asprintf (&attr_trailer, - "%s.%s", - issuer_attribute, - attr_trailer); + GNUNET_asprintf (&attr_trailer, "%s.%s", issuer_attribute, attr_trailer); return attr_trailer; } static void forward_resolution (void *cls, - uint32_t rd_count, - const struct GNUNET_GNSRECORD_Data *rd) + uint32_t rd_count, + const struct GNUNET_GNSRECORD_Data *rd) { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received %d entries.\n", rd_count); - + struct VerifyRequestHandle *vrh; struct DelegationSetQueueEntry *current_set; struct DelegationSetQueueEntry *ds_entry; struct DelegationQueueEntry *dq_entry; - + current_set = cls; // set handle to NULL (as el = NULL) current_set->lookup_request = NULL; @@ -638,20 +647,21 @@ forward_resolution (void *cls, vrh->pending_lookups--; // Loop record entries - for (uint32_t i = 0; i < rd_count; i++) { + for (uint32_t i = 0; i < rd_count; i++) + { if (GNUNET_GNSRECORD_TYPE_DELEGATE != rd[i].record_type) continue; // Start deserialize into Delegate struct GNUNET_CREDENTIAL_Delegate *del; - del = GNUNET_CREDENTIAL_delegate_deserialize(rd[i].data, rd[i].data_size); + del = GNUNET_CREDENTIAL_delegate_deserialize (rd[i].data, rd[i].data_size); // Start: Create DQ Entry dq_entry = GNUNET_new (struct DelegationQueueEntry); // AND delegations are not possible, only 1 solution dq_entry->required_solutions = 1; dq_entry->parent_set = current_set; - + // Insert it into the current set GNUNET_CONTAINER_DLL_insert (current_set->queue_entries_head, current_set->queue_entries_tail, @@ -659,7 +669,7 @@ forward_resolution (void *cls, // Start: Create DS Entry ds_entry = GNUNET_new (struct DelegationSetQueueEntry); - + // (1) A.a <- A.b.c // (2) A.b <- D.d // (3) D.d <- E @@ -671,42 +681,55 @@ forward_resolution (void *cls, // 3. new solution: replace, add trailer // At resolution chain start trailer of parent is NULL - if (NULL == current_set->attr_trailer) { + if (NULL == current_set->attr_trailer) + { // for (5) F.c <- G, remember .c when going upwards - ds_entry->attr_trailer = GNUNET_strdup(del->issuer_attribute); - } else { - if (0 == del->subject_attribute_len){ + ds_entry->attr_trailer = GNUNET_strdup (del->issuer_attribute); + } + else + { + if (0 == del->subject_attribute_len) + { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found: New solution\n"); // new solution // create new trailer del->issuer_attribute, ds_entry->attr_trailer GNUNET_asprintf (&ds_entry->attr_trailer, - "%s.%s", - del->issuer_attribute, - current_set->attr_trailer); - } else if(0 == strcmp(del->subject_attribute, current_set->attr_trailer)){ + "%s.%s", + del->issuer_attribute, + current_set->attr_trailer); + } + else if (0 == strcmp (del->subject_attribute, current_set->attr_trailer)) + { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found: Complete match\n"); // complete match // new trailer == issuer attribute (e.g. (5) to (4)) // TODO memleak, free trailer before - ds_entry->attr_trailer = GNUNET_strdup(del->issuer_attribute); - } else { + ds_entry->attr_trailer = GNUNET_strdup (del->issuer_attribute); + } + else + { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found: Partial match\n"); // partial match - char *trail = partial_match(GNUNET_strdup (current_set->attr_trailer), - GNUNET_strdup (del->subject_attribute), - current_set->attr_trailer, - GNUNET_strdup (del->issuer_attribute)); + char *trail = partial_match (GNUNET_strdup (current_set->attr_trailer), + GNUNET_strdup (del->subject_attribute), + current_set->attr_trailer, + GNUNET_strdup (del->issuer_attribute)); // if null: skip this record entry (reasons: mismatch or overmatch, both not relevant) - if(NULL == trail) { - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Entry not relevant, discarding: %s.%s <- %s.%s\n", - GNUNET_CRYPTO_ecdsa_public_key_to_string(&del->issuer_key), - del->issuer_attribute, - GNUNET_CRYPTO_ecdsa_public_key_to_string(&del->subject_key), - del->subject_attribute); + if (NULL == trail) + { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Entry not relevant, discarding: %s.%s <- %s.%s\n", + GNUNET_CRYPTO_ecdsa_public_key_to_string ( + &del->issuer_key), + del->issuer_attribute, + GNUNET_CRYPTO_ecdsa_public_key_to_string ( + &del->subject_key), + del->subject_attribute); continue; - } else + } + else ds_entry->attr_trailer = trail; } } @@ -717,15 +740,17 @@ forward_resolution (void *cls, // TODO: new ds_entry struct with subject_key (or one for both with contact_key or sth) ds_entry->issuer_key = GNUNET_new (struct GNUNET_CRYPTO_EcdsaPublicKey); GNUNET_memcpy (ds_entry->issuer_key, - &del->subject_key, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + &del->subject_key, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); ds_entry->delegation_chain_entry = GNUNET_new (struct DelegationChainEntry); ds_entry->delegation_chain_entry->subject_key = del->subject_key; if (0 < del->subject_attribute_len) - ds_entry->delegation_chain_entry->subject_attribute = GNUNET_strdup (del->subject_attribute); + ds_entry->delegation_chain_entry->subject_attribute = + GNUNET_strdup (del->subject_attribute); ds_entry->delegation_chain_entry->issuer_key = del->issuer_key; - ds_entry->delegation_chain_entry->issuer_attribute = GNUNET_strdup (del->issuer_attribute); + ds_entry->delegation_chain_entry->issuer_attribute = + GNUNET_strdup (del->issuer_attribute); // current delegation as parent ds_entry->parent_queue_entry = dq_entry; @@ -733,66 +758,74 @@ forward_resolution (void *cls, // Check for solution // if: issuer key we looking for if (0 == memcmp (&del->issuer_key, - &vrh->issuer_key, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) + &vrh->issuer_key, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) { // if: issuer attr we looking for - if (0 == strcmp (del->issuer_attribute, - vrh->issuer_attribute)) + if (0 == strcmp (del->issuer_attribute, vrh->issuer_attribute)) + { + // if: complete match, meaning new trailer == issuer attr + if (0 == strcmp (vrh->issuer_attribute, ds_entry->attr_trailer)) { - // if: complete match, meaning new trailer == issuer attr - if(0 == strcmp (vrh->issuer_attribute, ds_entry->attr_trailer)) + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found: Solution\n"); + + // Add found solution into delegation_chain + struct DelegationSetQueueEntry *tmp_set; + for (tmp_set = ds_entry; NULL != tmp_set->parent_queue_entry; + tmp_set = tmp_set->parent_queue_entry->parent_set) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Found: Solution\n"); - - // Add found solution into delegation_chain - struct DelegationSetQueueEntry *tmp_set; - for (tmp_set = ds_entry; NULL != tmp_set->parent_queue_entry; - tmp_set = tmp_set->parent_queue_entry->parent_set) { - if (NULL != tmp_set->delegation_chain_entry) { - vrh->delegation_chain_size++; - GNUNET_CONTAINER_DLL_insert (vrh->delegation_chain_head, - vrh->delegation_chain_tail, - tmp_set->delegation_chain_entry); - } + if (NULL != tmp_set->delegation_chain_entry) + { + vrh->delegation_chain_size++; + GNUNET_CONTAINER_DLL_insert (vrh->delegation_chain_head, + vrh->delegation_chain_tail, + tmp_set->delegation_chain_entry); } + } - // Increase refcount for this delegate - for (struct DelegateRecordEntry *del_entry = vrh->del_chain_head; del_entry != NULL; del_entry = del_entry->next) { - if (0 == memcmp (&del_entry->delegate->issuer_key, - &vrh->delegation_chain_head->subject_key, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) + // Increase refcount for this delegate + for (struct DelegateRecordEntry *del_entry = vrh->del_chain_head; + del_entry != NULL; + del_entry = del_entry->next) + { + if (0 == memcmp (&del_entry->delegate->issuer_key, + &vrh->delegation_chain_head->subject_key, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) + { + if (0 == strcmp (del_entry->delegate->issuer_attribute, + vrh->delegation_chain_head->subject_attribute)) { - if (0 == strcmp (del_entry->delegate->issuer_attribute, - vrh->delegation_chain_head->subject_attribute)) - { - del_entry->refcount++; - } + del_entry->refcount++; } - } - - send_lookup_response (vrh); - return; + } } + + send_lookup_response (vrh); + return; } + } } - // Starting a new GNS lookup + // Starting a new GNS lookup vrh->pending_lookups++; ds_entry->handle = vrh; - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Starting to look up trailer %s in zone %s\n", ds_entry->attr_trailer, GNUNET_CRYPTO_ecdsa_public_key_to_string(&del->issuer_key)); - + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Starting to look up trailer %s in zone %s\n", + ds_entry->attr_trailer, + GNUNET_CRYPTO_ecdsa_public_key_to_string (&del->issuer_key)); + GNUNET_GNS_lookup (gns, - GNUNET_GNS_EMPTY_LABEL_AT, - &del->issuer_key, - GNUNET_GNSRECORD_TYPE_DELEGATE, - GNUNET_GNS_LO_DEFAULT, - &forward_resolution, - ds_entry); + GNUNET_GNS_EMPTY_LABEL_AT, + &del->issuer_key, + GNUNET_GNSRECORD_TYPE_DELEGATE, + GNUNET_GNS_LO_DEFAULT, + &forward_resolution, + ds_entry); } - if (0 == vrh->pending_lookups) { + if (0 == vrh->pending_lookups) + { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "We are all out of attributes...\n"); send_lookup_response (vrh); return; @@ -820,23 +853,24 @@ backward_resolution (void *cls, vrh->pending_lookups--; // Each OR - for (uint32_t i = 0; i < rd_count; i++) { + for (uint32_t i = 0; i < rd_count; i++) + { if (GNUNET_GNSRECORD_TYPE_ATTRIBUTE != rd[i].record_type) continue; sets = rd[i].data; struct GNUNET_CREDENTIAL_DelegationSet set[ntohl (sets->set_count)]; - GNUNET_log ( - GNUNET_ERROR_TYPE_DEBUG, - "Found new attribute delegation with %d sets. Creating new Job...\n", - ntohl (sets->set_count)); - - if (GNUNET_OK - != GNUNET_CREDENTIAL_delegation_set_deserialize ( - GNUNET_ntohll (sets->data_size), - (const char *)&sets[1], - ntohl (sets->set_count), - set)) { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Found new attribute delegation with %d sets. Creating new Job...\n", + ntohl (sets->set_count)); + + if (GNUNET_OK != + GNUNET_CREDENTIAL_delegation_set_deserialize (GNUNET_ntohll ( + sets->data_size), + (const char *) &sets[1], + ntohl (sets->set_count), + set)) + { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to deserialize!\n"); continue; } @@ -848,13 +882,17 @@ backward_resolution (void *cls, current_set->queue_entries_tail, dq_entry); // Each AND - for (uint32_t j = 0; j < ntohl (sets->set_count); j++) { + for (uint32_t j = 0; j < ntohl (sets->set_count); j++) + { ds_entry = GNUNET_new (struct DelegationSetQueueEntry); - if (NULL != current_set->attr_trailer) { - if (0 == set[j].subject_attribute_len) { + if (NULL != current_set->attr_trailer) + { + if (0 == set[j].subject_attribute_len) + { GNUNET_asprintf (&expanded_attr, "%s", current_set->attr_trailer); - - } else { + } + else + { GNUNET_asprintf (&expanded_attr, "%s.%s", set[j].subject_attribute, @@ -862,30 +900,33 @@ backward_resolution (void *cls, } GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Expanded to %s\n", expanded_attr); ds_entry->unresolved_attribute_delegation = expanded_attr; - } else { - if (0 != set[j].subject_attribute_len) { + } + else + { + if (0 != set[j].subject_attribute_len) + { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Not Expanding %s\n", set[j].subject_attribute); - ds_entry->unresolved_attribute_delegation - = GNUNET_strdup (set[j].subject_attribute); + ds_entry->unresolved_attribute_delegation = + GNUNET_strdup (set[j].subject_attribute); } } // Add a credential chain entry - ds_entry->delegation_chain_entry - = GNUNET_new (struct DelegationChainEntry); + ds_entry->delegation_chain_entry = + GNUNET_new (struct DelegationChainEntry); ds_entry->delegation_chain_entry->subject_key = set[j].subject_key; ds_entry->issuer_key = GNUNET_new (struct GNUNET_CRYPTO_EcdsaPublicKey); GNUNET_memcpy (ds_entry->issuer_key, &set[j].subject_key, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); if (0 < set[j].subject_attribute_len) - ds_entry->delegation_chain_entry->subject_attribute - = GNUNET_strdup (set[j].subject_attribute); + ds_entry->delegation_chain_entry->subject_attribute = + GNUNET_strdup (set[j].subject_attribute); ds_entry->delegation_chain_entry->issuer_key = *current_set->issuer_key; - ds_entry->delegation_chain_entry->issuer_attribute - = GNUNET_strdup (current_set->lookup_attribute); + ds_entry->delegation_chain_entry->issuer_attribute = + GNUNET_strdup (current_set->lookup_attribute); ds_entry->parent_queue_entry = dq_entry; // current_delegation; @@ -898,30 +939,31 @@ backward_resolution (void *cls, * Check if this delegation already matches one of our credentials */ for (del_pointer = vrh->del_chain_head; del_pointer != NULL; - del_pointer = del_pointer->next) { + del_pointer = del_pointer->next) + { // If key and attribute match credential continue and backtrack - if (0 - != memcmp (&set->subject_key, - &del_pointer->delegate->issuer_key, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) + if (0 != memcmp (&set->subject_key, + &del_pointer->delegate->issuer_key, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) continue; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Checking if %s matches %s\n", ds_entry->unresolved_attribute_delegation, del_pointer->delegate->issuer_attribute); - if (0 - != strcmp (ds_entry->unresolved_attribute_delegation, - del_pointer->delegate->issuer_attribute)) + if (0 != strcmp (ds_entry->unresolved_attribute_delegation, + del_pointer->delegate->issuer_attribute)) continue; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found issuer\n"); del_pointer->refcount++; // Backtrack for (tmp_set = ds_entry; NULL != tmp_set->parent_queue_entry; - tmp_set = tmp_set->parent_queue_entry->parent_set) { + tmp_set = tmp_set->parent_queue_entry->parent_set) + { tmp_set->parent_queue_entry->required_solutions--; - if (NULL != tmp_set->delegation_chain_entry) { + if (NULL != tmp_set->delegation_chain_entry) + { vrh->delegation_chain_size++; GNUNET_CONTAINER_DLL_insert (vrh->delegation_chain_head, vrh->delegation_chain_tail, @@ -931,63 +973,69 @@ backward_resolution (void *cls, break; } - if (NULL == tmp_set->parent_queue_entry) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "All solutions found\n"); + if (NULL == tmp_set->parent_queue_entry) + { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "All solutions found\n"); // Found match send_lookup_response (vrh); return; } - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Not all solutions found yet.\n"); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Not all solutions found yet.\n"); continue; } GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Building new lookup request from %s\n", ds_entry->unresolved_attribute_delegation); // Continue with backward resolution - char - issuer_attribute_name[strlen (ds_entry->unresolved_attribute_delegation) - + 1]; + char issuer_attribute_name[strlen ( + ds_entry->unresolved_attribute_delegation) + + 1]; strcpy (issuer_attribute_name, ds_entry->unresolved_attribute_delegation); char *next_attr = strtok (issuer_attribute_name, "."); - if (NULL == next_attr) { + if (NULL == next_attr) + { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to parse next attribute\n"); continue; } GNUNET_asprintf (&lookup_attribute, "%s", next_attr); GNUNET_asprintf (&ds_entry->lookup_attribute, "%s", next_attr); - if (strlen (next_attr) - == strlen (ds_entry->unresolved_attribute_delegation)) { + if (strlen (next_attr) == + strlen (ds_entry->unresolved_attribute_delegation)) + { ds_entry->attr_trailer = NULL; - } else { + } + else + { next_attr += strlen (next_attr) + 1; ds_entry->attr_trailer = GNUNET_strdup (next_attr); } - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Looking up %s\n", ds_entry->lookup_attribute); if (NULL != ds_entry->attr_trailer) - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "%s still to go...\n", ds_entry->attr_trailer); vrh->pending_lookups++; ds_entry->handle = vrh; - ds_entry->lookup_request - = GNUNET_GNS_lookup (gns, - lookup_attribute, - ds_entry->issuer_key, // issuer_key, - GNUNET_GNSRECORD_TYPE_ATTRIBUTE, - GNUNET_GNS_LO_DEFAULT, - &backward_resolution, - ds_entry); + ds_entry->lookup_request = + GNUNET_GNS_lookup (gns, + lookup_attribute, + ds_entry->issuer_key, // issuer_key, + GNUNET_GNSRECORD_TYPE_ATTRIBUTE, + GNUNET_GNS_LO_DEFAULT, + &backward_resolution, + ds_entry); GNUNET_free (lookup_attribute); } } - if (0 == vrh->pending_lookups) { + if (0 == vrh->pending_lookups) + { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "We are all out of attributes...\n"); send_lookup_response (vrh); return; @@ -1008,20 +1056,22 @@ delegation_chain_bw_resolution_start (void *cls) struct DelegateRecordEntry *del_entry; vrh->lookup_request = NULL; - if (0 == vrh->del_chain_size) { + if (0 == vrh->del_chain_size) + { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No delegates found\n"); send_lookup_response (vrh); return; } for (del_entry = vrh->del_chain_head; del_entry != NULL; - del_entry = del_entry->next) { + del_entry = del_entry->next) + { if (0 != memcmp (&del_entry->delegate->issuer_key, - &vrh->issuer_key, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) + &vrh->issuer_key, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) continue; - if (0 != strcmp (del_entry->delegate->issuer_attribute, - vrh->issuer_attribute)) + if (0 != + strcmp (del_entry->delegate->issuer_attribute, vrh->issuer_attribute)) continue; del_entry->refcount++; // Found match prematurely @@ -1029,7 +1079,7 @@ delegation_chain_bw_resolution_start (void *cls) return; } - + //Check for attributes from the issuer and follow the chain //till you get the required subject's attributes char issuer_attribute_name[strlen (vrh->issuer_attribute) + 1]; @@ -1084,20 +1134,23 @@ delegation_chain_fw_resolution_start (void *cls) // X.x <- C // Y.y <- C // wenn X.x oder Y.y nicht == A.a dann starte von A - if (0 == vrh->del_chain_size) { + if (0 == vrh->del_chain_size) + { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No delegations found\n"); send_lookup_response (vrh); return; } - // Check if one of the delegations of the subject already match - for (del_entry = vrh->del_chain_head; del_entry != NULL; del_entry = del_entry->next) { + // Check if one of the delegations of the subject already match + for (del_entry = vrh->del_chain_head; del_entry != NULL; + del_entry = del_entry->next) + { if (0 != memcmp (&del_entry->delegate->issuer_key, - &vrh->issuer_key, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) + &vrh->issuer_key, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) continue; - if (0 != strcmp (del_entry->delegate->issuer_attribute, - vrh->issuer_attribute)) + if (0 != + strcmp (del_entry->delegate->issuer_attribute, vrh->issuer_attribute)) continue; del_entry->refcount++; // Found match prematurely @@ -1110,33 +1163,39 @@ delegation_chain_fw_resolution_start (void *cls) // ds_entry created belongs to the first lookup, vrh still has the // issuer+attr we look for - for (del_entry = vrh->del_chain_head; del_entry != NULL; del_entry = del_entry->next) { + for (del_entry = vrh->del_chain_head; del_entry != NULL; + del_entry = del_entry->next) + { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Looking for %s.%s\n", - GNUNET_CRYPTO_ecdsa_public_key_to_string(&del_entry->delegate->issuer_key), del_entry->delegate->issuer_attribute); - + GNUNET_CRYPTO_ecdsa_public_key_to_string ( + &del_entry->delegate->issuer_key), + del_entry->delegate->issuer_attribute); + ds_entry = GNUNET_new (struct DelegationSetQueueEntry); ds_entry->issuer_key = GNUNET_new (struct GNUNET_CRYPTO_EcdsaPublicKey); // TODO: new ds_entry struct with subject_key (or one for both with contact_key or sth) GNUNET_memcpy (ds_entry->issuer_key, - &del_entry->delegate->subject_key, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - ds_entry->attr_trailer = GNUNET_strdup(del_entry->delegate->issuer_attribute); + &del_entry->delegate->subject_key, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + ds_entry->attr_trailer = + GNUNET_strdup (del_entry->delegate->issuer_attribute); ds_entry->handle = vrh; vrh->root_set = ds_entry; - vrh->pending_lookups ++; + vrh->pending_lookups++; // Start with forward resolution GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Start Forward Resolution\n"); - ds_entry->lookup_request = GNUNET_GNS_lookup (gns, - GNUNET_GNS_EMPTY_LABEL_AT, - &del_entry->delegate->issuer_key, // issuer_key, - GNUNET_GNSRECORD_TYPE_DELEGATE, - GNUNET_GNS_LO_DEFAULT, - &forward_resolution, - ds_entry); + ds_entry->lookup_request = + GNUNET_GNS_lookup (gns, + GNUNET_GNS_EMPTY_LABEL_AT, + &del_entry->delegate->issuer_key, // issuer_key, + GNUNET_GNSRECORD_TYPE_DELEGATE, + GNUNET_GNS_LO_DEFAULT, + &forward_resolution, + ds_entry); } } @@ -1147,17 +1206,20 @@ check_verify (void *cls, const struct VerifyMessage *v_msg) const char *attr; msg_size = ntohs (v_msg->header.size); - if (msg_size < sizeof (struct VerifyMessage)) { + if (msg_size < sizeof (struct VerifyMessage)) + { GNUNET_break (0); return GNUNET_SYSERR; } - if (ntohs (v_msg->issuer_attribute_len) > GNUNET_CREDENTIAL_MAX_LENGTH) { + if (ntohs (v_msg->issuer_attribute_len) > GNUNET_CREDENTIAL_MAX_LENGTH) + { GNUNET_break (0); return GNUNET_SYSERR; } - attr = (const char *)&v_msg[1]; + attr = (const char *) &v_msg[1]; - if (strlen (attr) > GNUNET_CREDENTIAL_MAX_LENGTH) { + if (strlen (attr) > GNUNET_CREDENTIAL_MAX_LENGTH) + { GNUNET_break (0); return GNUNET_SYSERR; } @@ -1179,7 +1241,7 @@ handle_verify (void *cls, const struct VerifyMessage *v_msg) const char *utf_in; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received VERIFY message\n"); - utf_in = (const char *)&v_msg[1]; + utf_in = (const char *) &v_msg[1]; GNUNET_STRINGS_utf8_tolower (utf_in, attrptr); GNUNET_memcpy (issuer_attribute, attr, ntohs (v_msg->issuer_attribute_len)); issuer_attribute[ntohs (v_msg->issuer_attribute_len)] = '\0'; @@ -1190,50 +1252,52 @@ handle_verify (void *cls, const struct VerifyMessage *v_msg) vrh->issuer_key = v_msg->issuer_key; vrh->subject_key = v_msg->subject_key; vrh->issuer_attribute = GNUNET_strdup (issuer_attribute); - vrh->resolution_algo = ntohs(v_msg->resolution_algo); + vrh->resolution_algo = ntohs (v_msg->resolution_algo); GNUNET_SERVICE_client_continue (vrh->client); - if (0 == strlen (issuer_attribute)) { + if (0 == strlen (issuer_attribute)) + { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No issuer attribute provided!\n"); send_lookup_response (vrh); return; } - + // Parse delegates from verifaction message delegate_count = ntohl (v_msg->d_count); - delegate_data_size = ntohs (v_msg->header.size) - - sizeof (struct VerifyMessage) - - ntohs (v_msg->issuer_attribute_len) - 1; + delegate_data_size = ntohs (v_msg->header.size) - + sizeof (struct VerifyMessage) - + ntohs (v_msg->issuer_attribute_len) - 1; struct GNUNET_CREDENTIAL_Delegate delegates[delegate_count]; memset (delegates, 0, sizeof (struct GNUNET_CREDENTIAL_Delegate) * delegate_count); - delegate_data = (char *)&v_msg[1] + ntohs (v_msg->issuer_attribute_len) + 1; - if (GNUNET_OK - != GNUNET_CREDENTIAL_delegates_deserialize (delegate_data_size, - delegate_data, - delegate_count, - delegates)) { + delegate_data = (char *) &v_msg[1] + ntohs (v_msg->issuer_attribute_len) + 1; + if (GNUNET_OK != GNUNET_CREDENTIAL_delegates_deserialize (delegate_data_size, + delegate_data, + delegate_count, + delegates)) + { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Cannot deserialize delegates!\n"); send_lookup_response (vrh); return; } // Prepare vrh delegation chain for later validation - for (uint32_t i = 0; i < delegate_count; i++) { + for (uint32_t i = 0; i < delegate_count; i++) + { del_entry = GNUNET_new (struct DelegateRecordEntry); - del_entry->delegate - = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_Delegate) - + delegates[i].issuer_attribute_len + 1); + del_entry->delegate = + GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_Delegate) + + delegates[i].issuer_attribute_len + 1); GNUNET_memcpy (del_entry->delegate, &delegates[i], sizeof (struct GNUNET_CREDENTIAL_Delegate)); GNUNET_memcpy (&del_entry->delegate[1], delegates[i].issuer_attribute, delegates[i].issuer_attribute_len); - del_entry->delegate->issuer_attribute_len - = delegates[i].issuer_attribute_len; - del_entry->delegate->issuer_attribute = (char *)&del_entry->delegate[1]; + del_entry->delegate->issuer_attribute_len = + delegates[i].issuer_attribute_len; + del_entry->delegate->issuer_attribute = (char *) &del_entry->delegate[1]; GNUNET_CONTAINER_DLL_insert_tail (vrh->del_chain_head, vrh->del_chain_tail, del_entry); @@ -1241,11 +1305,16 @@ handle_verify (void *cls, const struct VerifyMessage *v_msg) } // Switch resolution algo - if(Backward == vrh->resolution_algo){ + if (GNUNET_CREDENTIAL_FLAG_BACKWARD & vrh->resolution_algo) + { delegation_chain_bw_resolution_start (vrh); - } else if (Forward == vrh->resolution_algo){ + } + else if (GNUNET_CREDENTIAL_FLAG_FORWARD & vrh->resolution_algo) + { delegation_chain_fw_resolution_start (vrh); - } else{ + } + else + { //TODO } } @@ -1266,21 +1335,26 @@ delegate_collection_finished (void *cls) struct VerifyRequestHandle *vrh = cls; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Done collecting delegates.\n"); - if(Backward == vrh->resolution_algo){ + if (GNUNET_CREDENTIAL_FLAG_BACKWARD & vrh->resolution_algo) + { delegation_chain_bw_resolution_start (vrh); - } else if (Forward == vrh->resolution_algo){ + } + else if (GNUNET_CREDENTIAL_FLAG_FORWARD & vrh->resolution_algo) + { delegation_chain_fw_resolution_start (vrh); - } else{ + } + else + { //TODO } } static void handle_delegate_collection_cb (void *cls, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, - const char *label, - unsigned int rd_count, - const struct GNUNET_GNSRECORD_Data *rd) + const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, + const char *label, + unsigned int rd_count, + const struct GNUNET_GNSRECORD_Data *rd) { struct VerifyRequestHandle *vrh = cls; struct GNUNET_CREDENTIAL_Delegate *del; @@ -1289,25 +1363,31 @@ handle_delegate_collection_cb (void *cls, cred_record_count = 0; vrh->dele_qe = NULL; - //TODO not all, only private and with sub_attr_len == 0 - for (uint32_t i = 0; i < rd_count; i++) { + for (uint32_t i = 0; i < rd_count; i++) + { if (GNUNET_GNSRECORD_TYPE_DELEGATE != rd[i].record_type) continue; cred_record_count++; del = GNUNET_CREDENTIAL_delegate_deserialize (rd[i].data, rd[i].data_size); - if (NULL == del) { - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Invalid credential found\n"); + if (NULL == del) + { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Invalid delegate found\n"); continue; } - del_entry = GNUNET_new (struct DelegateRecordEntry); - del_entry->delegate = del; - GNUNET_CONTAINER_DLL_insert_tail (vrh->del_chain_head, - vrh->del_chain_tail, - del_entry); - vrh->del_chain_size++; + // only add the entries that are explicity marked as private + // and therefor symbolize the end of a chain + if (rd[i].flags & GNUNET_GNSRECORD_RF_PRIVATE) + { + del_entry = GNUNET_new (struct DelegateRecordEntry); + del_entry->delegate = del; + GNUNET_CONTAINER_DLL_insert_tail (vrh->del_chain_head, + vrh->del_chain_tail, + del_entry); + vrh->del_chain_size++; + } } - delegate_collection_finished(vrh); + delegate_collection_finished (vrh); } static void @@ -1322,7 +1402,7 @@ handle_collect (void *cls, const struct CollectMessage *c_msg) GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received COLLECT message\n"); - utf_in = (const char *)&c_msg[1]; + utf_in = (const char *) &c_msg[1]; GNUNET_STRINGS_utf8_tolower (utf_in, attrptr); GNUNET_memcpy (issuer_attribute, attr, ntohs (c_msg->issuer_attribute_len)); @@ -1334,23 +1414,25 @@ handle_collect (void *cls, const struct CollectMessage *c_msg) vrh->issuer_key = c_msg->issuer_key; GNUNET_CRYPTO_ecdsa_key_get_public (&c_msg->subject_key, &vrh->subject_key); vrh->issuer_attribute = GNUNET_strdup (issuer_attribute); - vrh->resolution_algo = ntohs(c_msg->resolution_algo); + vrh->resolution_algo = ntohs (c_msg->resolution_algo); - if (0 == strlen (issuer_attribute)) { + if (0 == strlen (issuer_attribute)) + { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No issuer attribute provided!\n"); send_lookup_response (vrh); return; } GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Getting delegates for subject\n"); - + // Get all delegates from subject - vrh->dele_qe = GNUNET_NAMESTORE_records_lookup (namestore, - &c_msg->subject_key, - GNUNET_GNS_EMPTY_LABEL_AT, - &handle_delegate_collection_error_cb, - vrh, - &handle_delegate_collection_cb, - vrh); + vrh->dele_qe = + GNUNET_NAMESTORE_records_lookup (namestore, + &c_msg->subject_key, + GNUNET_GNS_EMPTY_LABEL_AT, + &handle_delegate_collection_error_cb, + vrh, + &handle_delegate_collection_cb, + vrh); GNUNET_SERVICE_client_continue (vrh->client); } @@ -1362,18 +1444,21 @@ check_collect (void *cls, const struct CollectMessage *c_msg) const char *attr; msg_size = ntohs (c_msg->header.size); - if (msg_size < sizeof (struct CollectMessage)) { + if (msg_size < sizeof (struct CollectMessage)) + { GNUNET_break (0); return GNUNET_SYSERR; } - if (ntohs (c_msg->issuer_attribute_len) > GNUNET_CREDENTIAL_MAX_LENGTH) { + if (ntohs (c_msg->issuer_attribute_len) > GNUNET_CREDENTIAL_MAX_LENGTH) + { GNUNET_break (0); return GNUNET_SYSERR; } - attr = (const char *)&c_msg[1]; + attr = (const char *) &c_msg[1]; - if (('\0' != attr[msg_size - sizeof (struct CollectMessage) - 1]) - || (strlen (attr) > GNUNET_CREDENTIAL_MAX_LENGTH)) { + if (('\0' != attr[msg_size - sizeof (struct CollectMessage) - 1]) || + (strlen (attr) > GNUNET_CREDENTIAL_MAX_LENGTH)) + { GNUNET_break (0); return GNUNET_SYSERR; } @@ -1411,11 +1496,13 @@ run (void *cls, { gns = GNUNET_GNS_connect (c); - if (NULL == gns) { + if (NULL == gns) + { fprintf (stderr, _ ("Failed to connect to GNS\n")); } namestore = GNUNET_NAMESTORE_connect (c); - if (NULL == namestore) { + if (NULL == namestore) + { fprintf (stderr, _ ("Failed to connect to namestore\n")); } diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index 784c7def1..088c4dd0e 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c @@ -27,7 +27,6 @@ #include "gnunet_util_lib.h" -#include "credential_misc.h" #include "delegate_misc.h" #include "credential_serialization.h" #include "gnunet_credential_service.h" @@ -79,7 +78,7 @@ credential_value_to_string (void *cls, { subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&set[i].subject_key); - + if (0 == set[i].subject_attribute_len) { if (0 == i) @@ -117,16 +116,6 @@ credential_value_to_string (void *cls, } return attr_str; } - case GNUNET_GNSRECORD_TYPE_CREDENTIAL: - { - struct GNUNET_CREDENTIAL_Credential *cred; - char *cred_str; - - cred = GNUNET_CREDENTIAL_credential_deserialize (data, data_size); - cred_str = GNUNET_CREDENTIAL_credential_to_string (cred); - GNUNET_free (cred); - return cred_str; - } case GNUNET_GNSRECORD_TYPE_DELEGATE: { struct GNUNET_CREDENTIAL_Delegate *cred; @@ -255,14 +244,6 @@ credential_string_to_value (void *cls, GNUNET_free (tmp_str); return GNUNET_OK; } - case GNUNET_GNSRECORD_TYPE_CREDENTIAL: - { - struct GNUNET_CREDENTIAL_Credential *cred; - cred = GNUNET_CREDENTIAL_credential_from_string (s); - - *data_size = GNUNET_CREDENTIAL_credential_serialize (cred, (char **) data); - return GNUNET_OK; - } case GNUNET_GNSRECORD_TYPE_DELEGATE: { struct GNUNET_CREDENTIAL_Delegate *cred; diff --git a/src/credential/test_credential_own.sh b/src/credential/test_credential_own.sh index d2ed0b0ac..4ff1a8e08 100755 --- a/src/credential/test_credential_own.sh +++ b/src/credential/test_credential_own.sh @@ -74,8 +74,10 @@ gnunet-credential --createSubjectSide --ego=f --import "$SIGNED" gnunet-namestore -D -z f SIGNED=`$DO_TIMEOUT gnunet-credential --signSubjectSide --ego=f --attribute="c" --subject="$GKEY" --ttl="2019-12-12 10:00:00"` -gnunet-credential --createSubjectSide --ego=g --import "$SIGNED" +gnunet-credential --createSubjectSide --ego=g --import "$SIGNED" --private SIGNED=`$DO_TIMEOUT gnunet-credential --signSubjectSide --ego=a --attribute="c" --subject="$GKEY" --ttl="2019-12-12 10:00:00"` +gnunet-credential --createSubjectSide --ego=g --import "$SIGNED" --private +SIGNED=`$DO_TIMEOUT gnunet-credential --signSubjectSide --ego=d --attribute="h.o" --subject="$GKEY" --ttl="2019-12-12 10:00:00"` gnunet-credential --createSubjectSide --ego=g --import "$SIGNED" gnunet-namestore -D -z g @@ -92,20 +94,20 @@ gnunet-credential --createIssuerSide --ego=stateu --attribute=$STATE_STUD_ATTR - # (4) RegistrarB issues Alice the credential "student" SIGNED=`$DO_TIMEOUT gnunet-credential --signSubjectSide --ego=registrarb --attribute="$REG_STUD_ATTR" --subject="$ALICE_KEY" --ttl="2019-12-12 10:00:00"` -gnunet-credential --createSubjectSide --ego=alice --import "$SIGNED" +gnunet-credential --createSubjectSide --ego=alice --import "$SIGNED" --private # Starting to resolve echo "+++ Starting to Resolve +++" -#CREDS=`$DO_TIMEOUT gnunet-credential --collect --issuer=$AKEY --attribute="a" --ego=g -c test_credential_lookup.conf | paste -d, -s` -#echo $CREDS -#echo gnunet-credential --verify --issuer=$AKEY --attribute="a" --subject=$GKEY --credential=\'$CREDS\' -c test_credential_lookup.conf -#RES_CRED=`gnunet-credential --verify --issuer=$AKEY --attribute="a" --subject=$GKEY --credential="$CREDS" -c test_credential_lookup.conf` +#DELS=`$DO_TIMEOUT gnunet-credential --collect --issuer=$AKEY --attribute="a" --ego=g --forward -c test_credential_lookup.conf | paste -d, -s` +#echo $DELS +#echo gnunet-credential --verify --issuer=$AKEY --attribute="a" --subject=$GKEY --delegate=\'$DELS\' --forward -c test_credential_lookup.conf +#RES_DELS=`gnunet-credential --verify --issuer=$AKEY --attribute="a" --subject=$GKEY --delegate="$DELS" --forward -c test_credential_lookup.conf` -CREDS=`$DO_TIMEOUT gnunet-credential --collect --issuer=$EPUB_KEY --attribute=$DISC_ATTR --ego=alice -c test_credential_lookup.conf | paste -d, -s` -echo $CREDS -echo gnunet-credential --verify --issuer=$EPUB_KEY --attribute=$DISC_ATTR --subject=$ALICE_KEY --credential=\'$CREDS\' -c test_credential_lookup.conf -RES_CRED=`gnunet-credential --verify --issuer=$EPUB_KEY --attribute=$DISC_ATTR --subject=$ALICE_KEY --credential="$CREDS" -c test_credential_lookup.conf` +DELS=`$DO_TIMEOUT gnunet-credential --collect --issuer=$EPUB_KEY --attribute=$DISC_ATTR --ego=alice --backward -c test_credential_lookup.conf | paste -d, -s` +echo $DELS +echo gnunet-credential --verify --issuer=$EPUB_KEY --attribute=$DISC_ATTR --subject=$ALICE_KEY --delegate=\'$DELS\' --backward -c test_credential_lookup.conf +RES_DELS=`gnunet-credential --verify --issuer=$EPUB_KEY --attribute=$DISC_ATTR --subject=$ALICE_KEY --delegate="$DELS" --backward -c test_credential_lookup.conf` # Cleanup properly @@ -120,13 +122,13 @@ gnunet-namestore -z stateu -d -n $STATE_STUD_ATTR -t ATTR -c test_credential_loo gnunet-arm -e -c test_credential_lookup.conf -if [ "$RES_CRED" != "Failed." ] +if [ "$RES_DELS" != "Failed." ] then # TODO: replace echo -e bashism - echo -e "${RES_CRED}" + echo -e "${RES_DELS}" exit 0 else - echo "FAIL: Failed to verify credential $RES_CRED." + echo "FAIL: Failed to verify credential $RES_DELS." exit 1 fi diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index b64bb350c..be682c3b5 100644 --- a/src/include/gnunet_credential_service.h +++ b/src/include/gnunet_credential_service.h @@ -167,43 +167,6 @@ struct GNUNET_CREDENTIAL_Delegation { }; -/** - * A credential - */ -struct GNUNET_CREDENTIAL_Credential { - - /** - * The issuer of the credential - */ - struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; - - /** - * Public key of the subject this credential was issued to - */ - struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; - - /** - * Signature of this credential - */ - struct GNUNET_CRYPTO_EcdsaSignature signature; - - /** - * Expiration of this credential - */ - struct GNUNET_TIME_Absolute expiration; - - /** - * Length of the attribute - */ - uint32_t issuer_attribute_len; - - /** - * The attribute - */ - const char *issuer_attribute; - -}; - /** * A delegate */ @@ -251,7 +214,18 @@ struct GNUNET_CREDENTIAL_Delegate { }; +/* +* Enum used for checking whether the issuer has the authority to issue credentials or is just a subject +*/ +enum GNUNET_CREDENTIAL_AlgoDirectionFlags { + //Subject had credentials before, but have been revoked now + GNUNET_CREDENTIAL_FLAG_FORWARD=1 << 0, + + //Subject flag indicates that the subject is a holder of this credential and may present it as such + GNUNET_CREDENTIAL_FLAG_BACKWARD=1 << 1 + +}; /** * Initialize the connection with the Credential service. @@ -332,7 +306,8 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, const char *issuer_attribute, const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, uint32_t credential_count, - const struct GNUNET_CREDENTIAL_Delegate *credentials, + const struct GNUNET_CREDENTIAL_Delegate *delegates, + enum GNUNET_CREDENTIAL_AlgoDirectionFlags direction, GNUNET_CREDENTIAL_CredentialResultProcessor proc, void *proc_cls); @@ -341,6 +316,7 @@ GNUNET_CREDENTIAL_collect (struct GNUNET_CREDENTIAL_Handle *handle, const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, const char *issuer_attribute, const struct GNUNET_CRYPTO_EcdsaPrivateKey *subject_key, + enum GNUNET_CREDENTIAL_AlgoDirectionFlags direction, GNUNET_CREDENTIAL_CredentialResultProcessor proc, void *proc_cls); @@ -384,21 +360,6 @@ GNUNET_CREDENTIAL_remove_delegation (struct GNUNET_CREDENTIAL_Handle *handle, -/** - * Issue an attribute to a subject - * - * @param issuer the ego that should be used to issue the attribute - * @param subject the subject of the attribute - * @param attribute the name of the attribute - * @param expiration the TTL of the credential - * @return handle to the queued request - */ -struct GNUNET_CREDENTIAL_Credential* -GNUNET_CREDENTIAL_credential_issue (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, - struct GNUNET_CRYPTO_EcdsaPublicKey *subject, - const char *attribute, - struct GNUNET_TIME_Absolute *expiration); - /** * Issue an attribute to a subject * -- cgit v1.2.3